CVE-2025-47907

low-risk

Published 2025-08-07

Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.0/10 High

NETWORK / HIGH complexity

Affected Products (1)

Affected Vendors

Golang

References (5)

Patch https://go.dev/cl/693735

Issue Tracking https://go.dev/issue/74831

Mailing List https://groups.google.com/g/golang-announce/c/x5MKroML2yM

Vendor Advisory https://pkg.go.dev/vuln/GO-2025-3849

Mailing List http://www.openwall.com/lists/oss-security/2025/08/06/1

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal